added CI pipeline; setup additional repo information; updated README; added manifest

araujof · araujof · commit 8760eeb3d197 · 2021-07-21T18:26:19.000-04:00
Signed-off-by: Frederico Araujo &lt;frederico.araujo@ibm.com&gt;
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -0,0 +1,121 @@
+name: ci
+
+on:
+  push:
+    branches:
+      - master
+      - dev
+    tags:
+      - '*'     
+  pull_request:
+    branches:
+      - master
+      - dev
+    types:
+      - opened
+      - edited
+      - reopened
+      - synchronize
+      - ready_for_review
+      - unlocked
+      - review_requested
+  workflow_dispatch:
+    
+env:
+  DOCKER_REGISTRY_REPOSITORY: sysflowtelemetry/sf-policymanager 
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Setup Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'      
+      - name: Install requirements
+        run: |
+          python -m pip install --upgrade pip          
+          python -m pip install black unimport safety bandit        
+      - name: Check style
+        run: black --check -S -l 120 src/
+      - name: Check imports
+        run: unimport --check --exclude __init__.py src/
+      - name: Check package vulnerabilities
+        run: safety check -r src/requirements.txt
+      - name: Check code vulnerabilities
+        run: bandit -r src/
+  docker:
+    needs: lint
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:      
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          submodules: true      
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v3
+        with:          
+          images: |
+            ${{ env.DOCKER_REGISTRY_REPOSITORY }}
+            ghcr.io/${{ github.repository }}
+          tags: |            
+            type=edge,branch=master
+            type=ref,event=branch
+            type=ref,event=tag            
+            type=ref,event=pr
+          labels: |
+            org.opencontainers.image.documentation=https://sysflow.readthedocs.io/
+            org.opencontainers.image.vendor=SysFlow
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Login to DockerHub
+        uses: docker/#-action@v1 
+        if: ${{ github.event_name != 'pull_request' }}
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Login to GitHub Container Registry
+        uses: docker/#-action@v1 
+        if: ${{ github.event_name != 'pull_request' }}
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}   
+      - name: Set build args
+        id: args
+        shell: bash
+        run: |
+          echo "##[set-output name=ubi_version;]$(awk -F'=' '/UBI_VERSION/{print $2}' makefile.manifest.inc)"
+          echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/*/})"
+          echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"     
+      - name: Build and push
+        id: docker_build        
+        uses: docker/build-push-action@v2        
+        with:
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: "${{ steps.meta.outputs.tags }}"
+          labels: "${{ steps.meta.outputs.labels }}"
+          build-args: |            
+            VERSION=${{ steps.args.outputs.branch }}
+            RELEASE=${{ steps.args.outputs.sha_short }}
+            UBI_VER=${{ steps.args.outputs.ubi_version }}
+      - name: push README to Dockerhub
+        uses: christian-korneck/update-container-description-action@v1
+        if: ${{ github.ref == 'refs/heads/master' && github.event_name != 'pull_request' }}
+        env:
+          DOCKER_USER: ${{ secrets.DOCKERHUB_USERNAME }}
+          DOCKER_PASS: ${{ secrets.DOCKERHUB_TOKEN }}
+        with:
+          destination_container_repo: ${{ env.DOCKER_REGISTRY_REPOSITORY }}
+          provider: dockerhub          
+          readme_file: "README.md"      
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,22 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
+
+> **Types of changes:**
+>
+> -   **Added**: for new features.
+> -   **Changed**: for changes in existing functionality.
+> -   **Deprecated**: for soon-to-be removed features.
+> -   **Removed**: for now removed features.
+> -   **Fixed**: for any bug fixes.
+> -   **Security**: in case of vulnerabilities.
+
+## [[UNRELEASED](https://github.com/sysflow-telemetry/sf-policymanager/compare/0.3.0-rc2...HEAD)]
+
+## [0.3.0-rc2] - 2021-07-23
+
+### Added
+
+- First release candidate.
diff --git a/MAINTAINERS.md b/MAINTAINERS.md
@@ -0,0 +1,5 @@
+# MAINTAINERS
+
+Frederico Araujo
+
+Teryl Taylor
diff --git a/Makefile b/Makefile
@@ -0,0 +1,17 @@
+#
+# Copyright (C) 2020 IBM Corporation.
+#
+# Authors:
+# Frederico Araujo <frederico.araujo@ibm.com>
+# Teryl Taylor <terylt@ibm.com>
+#
+
+# Build environment configuration
+include ./makefile.manifest.inc
+
+.PHONY: all
+all: docker-build
+
+.PHONY: docker-build
+docker-build:
+	docker build -t sf-policymanager --build-arg UBI_VER=$(UBI_VERSION) -f Dockerfile .
diff --git a/README.md b/README.md
@@ -1,3 +1,54 @@
 # sf-policymanager
-SysFlow operator for managing policies mapped from a git repository
+[![Build Status](https://img.shields.io/github/workflow/status/sysflow-telemetry/sf-policymanager/ci)](https://github.com/sysflow-telemetry/sf-policymanager/actions)
+[![Docker Pulls](https://img.shields.io/docker/pulls/sysflowtelemetry/sf-policymanager)](https://hub.docker.com/r/sysflowtelemetry/sf-policymanager)
+![GitHub tag (latest by date)](https://img.shields.io/github/v/tag/sysflow-telemetry/sf-policymanager)
+[![Documentation Status](https://readthedocs.org/projects/sysflow/badge/?version=latest)](https://sysflow.readthedocs.io/en/latest/?badge=latest)
+[![GitHub](https://img.shields.io/github/license/sysflow-telemetry/sf-policymanager)](https://github.com/sysflow-telemetry/sf-policymanager/blob/master/LICENSE.md)
 
+# Supported tags and respective `Dockerfile` links
+
+-	[`0.3.0`, `latest`](https://github.com/sysflow-telemetry/sf-policymanager/blob/0.3.0/Dockerfile), [`edge`](https://github.com/sysflow-telemetry/sf-policymanager/blob/master/Dockerfile), [`dev`](https://github.com/sysflow-telemetry/sf-policymanager/blob/dev/Dockerfile)
+
+> Note: This is an experimental utility.
+
+# Quick reference
+
+-	**Documentation**:  
+	[the SysFlow Documentation](https://sysflow.readthedocs.io)
+  
+-	**Where to get help**:  
+	[the SysFlow Community Slack](https://join.slack.com/t/sysflow-telemetry/shared_invite/enQtODA5OTA3NjE0MTAzLTlkMGJlZDQzYTc3MzhjMzUwNDExNmYyNWY0NWIwODNjYmRhYWEwNGU0ZmFkNGQ2NzVmYjYxMWFjYTM1MzA5YWQ)
+
+-	**Where to file issues**:  
+	[the github issue tracker](https://github.com/sysflow-telemetry/sysflow/issues) (include the `sf-policymanager` tag)
+
+-	**Source of this description**:  
+	[repo's readme](https://github.com/sysflow-telemetry/sf-policymanager/edit/master/README.md) ([history](https://github.com/sysflow-telemetry/sf-policymanager/commits/master))
+
+-	**Docker images**:  
+	[docker hub](https://hub.docker.com/u/sysflowtelemetry) | [GHCR](https://github.com/orgs/sysflow-telemetry/packages)
+
+# What is SysFlow?
+
+The SysFlow Telemetry Pipeline is a framework for monitoring cloud workloads and for creating performance and security analytics. The goal of this project is to build all the plumbing required for system telemetry so that users can focus on writing and sharing analytics on a scalable, common open-source platform. The backbone of the telemetry pipeline is a new data format called SysFlow, which lifts raw system event information into an abstraction that describes process behaviors, and their relationships with containers, files, and network. This object-relational format is highly compact, yet it provides broad visibility into container clouds. We have also built several APIs that allow users to process SysFlow with their favorite toolkits. Learn more about SysFlow in the [SysFlow specification document](https://sysflow.readthedocs.io/en/latest/spec.html).
+
+The SysFlow framework consists of the following sub-projects:
+
+- [sf-apis](https://github.com/sysflow-telemetry/sf-apis) provides the SysFlow schema and programatic APIs in go, python, and C++.
+- [sf-collector](https://github.com/sysflow-telemetry/sf-collector) monitors and collects system call and event information from hosts and exports them in the SysFlow format using Apache Avro object serialization.
+- [sf-processor](https://github.com/sysflow-telemetry/sf-processor) provides a performance optimized policy engine for processing, enriching, filtering SysFlow events, generating alerts, and exporting the processed data to various targets.
+- [sf-exporter](https://github.com/sysflow-telemetry/sf-exporter) exports SysFlow traces to S3-compliant storage systems for archival purposes.
+- [sf-deployments](https://github.com/sysflow-telemetry/sf-deployments) contains deployment packages for SysFlow, including Docker, Helm, and OpenShift.
+- [sysflow](https://github.com/sysflow-telemetry/sysflow) is the documentation repository and issue tracker for the SysFlow framework.
+
+# About This Image
+
+This image packages the SysFlow Policy Manager operator, which manages policies mapped from a git repository for k8s deployments.
+
+# License
+
+View [license information](https://github.com/sysflow-telemetry/sf-policymanager/blob/master/LICENSE.md) for the software contained in this image.
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.
diff --git a/makefile.manifest.inc b/makefile.manifest.inc
@@ -0,0 +1,11 @@
+#
+# Copyright (C) 2020 IBM Corporation.
+#
+# Authors:
+# Frederico Araujo <frederico.araujo@ibm.com>
+# Teryl Taylor <terylt@ibm.com>
+#
+
+SYSFLOW_VERSION?=0.3.0
+SYSFLOW_BUILD_NUMBER?=1
+UBI_VERSION=8.4-205
